9. Securing Web Applications

MIT 6.858 Computer Systems Security, Fall 2014
Instructor: James Mickens

In this lecture, Professor Mickens continues looking at how to build secure web applications.

License: Creative Commons BY-NC-SA
Comments
Author

At 37:20: one of the most effective uses of CSP is to limit where JavaScript can be sourced from. This will get you pretty far down the road against most XSS and other hybrid attacks.

luckynumbersevuuun
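The point made in the comment above is that the value of CSP lies mostly in restricting script-src. The following is an added checker, not code from the lecture or from the commenter, that parses a Content-Security-Policy header value and reports the ways its effective script-src fails to pin scripts to an explicit allow-list (wildcards, bare schemes, 'unsafe-inline' without a nonce or hash, 'unsafe-eval'). The header strings at the bottom are constructed for illustration.

```python
# Added example: checking whether a CSP header actually restricts script sources.
# Policy strings below are constructed; they are not from the lecture.


def parse_csp(header):
    """Split a CSP header value into {directive-name: [source expressions]}.

    Per the CSP spec the first occurrence of a directive wins and later
    duplicates are ignored, which setdefault() reproduces.
    """
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        policy.setdefault(name, sources)
    return policy


def script_src_findings(header):
    """Return a list of weaknesses in the policy's effective script-src.

    An empty list means scripts are confined to an explicit allow-list.
    """
    policy = parse_csp(header)
    # script-src falls back to default-src when it is absent.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return ["no script-src and no default-src: scripts may load from anywhere"]

    lowered = [s.lower() for s in sources]
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered
    )
    findings = []
    for src in lowered:
        if src in ("*", "http:", "https:", "data:"):
            findings.append(f"scheme or wildcard source {src} allows scripts from any matching host")
        elif src.startswith("*.") or "://*." in src:
            findings.append(f"wildcard host {src} allows scripts from any subdomain")
        elif src == "'unsafe-inline'" and not has_nonce_or_hash:
            # When a nonce or hash is present, CSP2+ browsers ignore 'unsafe-inline',
            # so it is only a finding on its own.
            findings.append("'unsafe-inline' lets injected inline scripts run")
        elif src == "'unsafe-eval'":
            findings.append("'unsafe-eval' lets injected strings reach eval()")
    return findings


# Constructed sample policies (hypothetical host names).
STRICT_POLICY = "default-src 'none'; script-src 'self' https://static.example.test; object-src 'none'"
WEAK_POLICY = "default-src *; script-src * 'unsafe-inline'"
NONCE_POLICY = "script-src 'nonce-abc123' 'unsafe-inline'"

if __name__ == "__main__":
    for label, policy in (("strict", STRICT_POLICY), ("weak", WEAK_POLICY), ("nonce", NONCE_POLICY)):
        print(label, script_src_findings(policy) or "ok")
```

The checker only looks at where scripts may come from; a policy that passes it can still be undermined by an allowed origin that hosts a JSONP endpoint or an open redirect, so the allow-list itself deserves review.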
Author

You are a very great lecturer; I wish I could get in touch with you. Keep doing the great job.

alimatthew
Author

43:00 DROP TABLE tablename; DELETE is used for deleting (some) records from a table.

PMA
Author

In the third XSS example that didn't work @10:22, judging from the web server logs @10:43, the stripping was already done when the request hit the web server. Without testing this, I'm going to take a guess and say that it's the semicolon that tripped this example; not a browser mechanism that filtered the response and definitely not because of the X-XSS-Protection header being set to 0. That header will only tell the browser what to do with the *response*. It doesn't know about that response header yet when it sends the request.

marveladeguitar
Author

Quite a lot to think about, so many more vectors than I knew about.

ClearlyCero
Author

Input validation, parameterized queries, and static & dynamic code analysis are the future of secure code development.

armandkruger
Author

Use prepared/parameterized statements for SQL!

aidanbrumsickle
Author

I did not catch how putting the sensitive info in the DOM keeps JavaScript eval() from accessing it.

Greatfulone
Author

This is a great course; I know a lot of stuff here and why it's important. Finally, I can understand and visualize how these things work.

dzungnguyen
Author

Fascinating to learn how things were different 10 years ago.

voikalternos
Author

Prof. Mickens, for the SQL injection attack, would using stored procedures be a way to prevent malicious content being used for injection?

lets_discuss
Author

Why is bash even looking at the contents of env vars if they are set via setenv(), let alone, under any circumstance, interpreting them as a function? That does not make any sense to me.

blenderpanzi
Author

<script>alert('Great video!');</script>

GamingBlake
Author

I went to college in the 1970's. Instructors are still using a blackboard and chalk.

SportsIncorporated
Author

Lol, "how to prevent xss access to secrets" "hand them out as a capability and store them plain in your html"...

redstoneprojectrules
Author

Ways to stop SQLi

1 - Use prepared statements
2 - Stored procedures
3 - Whitelists

And a mandatory one: never ever trust user input, even if it's an internal system. Even worse yet sometimes.

Use all of them, because this is called security by depth.

predatorBr
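The two comments above (armandkruger's "use prepared/parameterized statements" and redstoneprojectrules' list of prepared statements, stored procedures and whitelists) describe the standard SQLi defenses without showing them. The following is an added example, not code from the lecture or from either commenter, that puts the vulnerable string-concatenation query beside its parameterized form and adds an identifier whitelist, which covers the case parameters cannot: a column or table name chosen by the request. It uses Python's standard sqlite3 module with a constructed in-memory table; stored procedures are not shown because SQLite has none.

```python
# Added example: SQL injection, the vulnerable query beside its parameterized
# and whitelisted forms. The users table and its rows are constructed sample data.
import sqlite3

# Whitelist of identifiers the application is willing to interpolate.
ALLOWED_SORT_COLUMNS = {"id", "name", "email"}


def make_db():
    """Constructed in-memory users table with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Deliberately unsafe: untrusted input is spliced into the SQL text, so a
    value such as  ' OR '1'='1  changes the meaning of the WHERE clause."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Prepared statement: the value is bound separately from the SQL text, so
    the database only ever compares it as data and never parses it as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def is_allowed_sort_column(column):
    """Identifiers (table and column names) cannot be bound as parameters, so
    they must come from a fixed whitelist rather than from the request."""
    return column in ALLOWED_SORT_COLUMNS


def list_users_sorted(conn, column):
    """Interpolates an identifier, but only after the whitelist check."""
    if not is_allowed_sort_column(column):
        raise ValueError(f"refusing unexpected sort column: {column!r}")
    rows = conn.execute(f"SELECT name FROM users ORDER BY {column}")
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed tautology input
    print("vulnerable:", lookup_vulnerable(db, probe))      # every row leaks
    print("parameterized:", lookup_parameterized(db, probe))  # no user has that literal name
    print("sorted by email:", list_users_sorted(db, "email"))
```

The parameterized query returns nothing for the tautology input because the whole string is compared as a name, which is exactly the behaviour the vulnerable version lacks. The whitelist is the right tool for the identifier case; escaping an identifier by hand is where most "we use prepared statements" codebases still leak.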
Author

I can't believe he is writing on a chalkboard. The only way it could be less efficient is if he was engraving stone during the discourse. This is insane. A projector would be better.

jongarcia
Author

I think this is just me but this is a bit hard to follow. Not a fan of teaching with whiteboard and chalk.

SportsUniqueFootage
Author

The easiest way to secure a web app is not to use it. That way, it can't cause any security breaches.
We don't need them, so it's not that hard to avoid "web apps" and use real apps instead.

StijnHommes
Author

Wow, I remember my electrical engineering classes at a New York State university being much more complicated than these MIT computer science classes. This is kindergarten stuff compared to electrical engineering or the many math classes I took.

mikecaldwell